Date: 2020-03-04

In fairness what I’m sharing with you is not limited to America’s 27th state. To me, though, it’s always a fun exercise to note the weirdness that tends to be Florida especially in terms of criminal activity. Could be wrong, but wasn’t (or, is it “isn’t”) the show "Cops" most heavily weighted toward the shirtless Floridian scofflaw feebly jumping fences and hiding under kiddie pools? To all the Florida proponents crying “Foul!” at that illusion, maybe it’s an exaggeration and doesn’t accurately reflect things, yet there’s an image problem that seems apparent at the least.
Allow me to escort you, sans handcuffs, to Florida’s Sailfish Capital of the World, Stuart, Florida, just south of Port St. Lucie on the Atlantic side. You may know it as the home of close-talker, Judge Reinhold. Or, as home to meth and pill pushers. Sadly, at least to the Stuart Police Department and its citizenry, a number of them will have yet another day to get busted in Martin County. Six alleged drug criminals skipped out of the pokey after critical evidence was destroyed.
During the past years of my bringing information security into your field of vision I’ve discussed ransomware. Ransomware is a relatively new form of computer crime or hacking, and begging pardon of those who know about the topic I’ll repeat some basics, here. It works something like this. A criminal wants to get into your computer or mobile phone with the end goal being to hold your information ransom for money. It’s just like kidnapping until the comeuppance if you nab Liam Neeson’s daughter, "Taken"-style. Either way, the bad guy holds the treasure, whether it’s data or live hostage, until you pay.
With ransomware, because the targeted hostage is data, they first need to access your information. They send an email to you. Assume they’d already found your email address, a pretty simple challenge to a savvy hacker. They do some reconnaissance, too, and learn about your habits, interests, and workplace. Every year our lives online become truer reflections of our actual lives. So, they know their target. They know a little about you, and your email address. Then, they craft an email that plays on some of your familiar environment. Say, you’re a UK basketball fan who works at a government office and graduated from the Cumberlands. You’ll get an email that looks like it came from UC. The sender address you see is blah-blah@ucumberlands.edu. That’s a hacker move called spoofing where the real source address is masked with a fake one. The email says that all you need to do to win four Wildcats tickets for the last home game, a contest only available to UC alums, is click on some link to register.
You want to go to that. Click. Alas! You get a follow-up message that says, “Sorry, all available tickets have been won this time but keep your eye out for more great opportunities.” Your day moves on. However, when you clicked that link, much more happened, as you soon discover. The criminal embedded a software program that (1) gave him access to your computer or phone without a password and (2) dispatched another program that took all of your information—bank accounts, internet history, emails, pictures, you name it—and encrypted it. You now see, literally, only gibberish when you log in. Pictures turned into colored dots. Program names aren’t even in English. Letters and numbers that you could read moments earlier look like symbols or punctuation. You’re headed for Cumberland Falls without a paddle in this virtual tragedy.
However, there’s hope! Here comes one message that you can read, indeed: “Ooops, your files have been encrypted! We guarantee that you can recover your [will, your daughter’s wedding photos, the generations-old family recipes] safely and easily. But you have not so enough time.” Here’s where I must note to you that the language used, including the “not so enough time” was pulled exactly from a ransomware victim’s system. It was ransomware called WannaCry (perfect name) from 2017. Whoa!, you think, I only have so enough time, so what do I do? You pay up. From that example it was rather cheap, $300. Guess what. How many people who paid $300 got the decryption key and were taken back to normal? Exactly.
Let’s go back to warmer climes and see how Stuart PD is doing. They got stung, likewise. The Stuart Police Department was hit with a ransomware attack in April 2019. Some of the information that got encrypted included photo and video evidence about ongoing cases. Eleven cases, all narcotics related, instantly became lost causes. Six drug dealers responsible for those cases were flying high, to be sure, after the ransomware attack. Whether they actually had anything to do with the attack was never discovered. I suspect it wasn’t even investigated, though in the more organized crime scenarios, where criminals have sincerely deep pockets to fund such a hack, there’s likely some collusion between the arrestees and the hackers. Here, it seems like another case of dumb luck for the drug pushers. Incidentally, Dumb Luck might be good counter-programming to Cops, and it would still likely be heavily weighted toward The Sunshine State.
Sadly, this is more common than we’d like to know. Just heading up the Oxy Express, as I-75 has been called, we’ve seen the same affronts to justice. Another Florida case last December saw one week’s worth of evidence maliciously expunged. Georgia State Patrol, July 2019. Two years of dash-cam evidence in Atlanta, June 2018. Ten months of casework in Ohio, May 2018, and then one month later at the same agency.
Next time I see a quirky, wacky news piece, which without being told I just know comes from Florida, maybe I’ll stop short of my internal, sing-song, cheeky thought of “Only in Florida.” We’re all prone.
Ed is a professor of cybersecurity, an attorney, and a trained ethicist. Reach him at edzugeresq@gmail.com.
